From mboxrd@z Thu Jan 1 00:00:00 1970 From: Heiko Schocher Date: Mon, 27 Jan 2014 07:37:07 +0100 Subject: [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command In-Reply-To: References: <1390632269-8971-1-git-send-email-hs@denx.de> <1390632269-8971-3-git-send-email-hs@denx.de> Message-ID: <52E5FE93.2030306@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hello Simon, Am 26.01.2014 22:04, schrieb Simon Glass: > Hi Heiko, > > On 24 January 2014 23:44, Heiko Schocher wrote: >> check if a fdt is correct signed >> pass an optional addr value. Contains the addr of the key blob >> >> Signed-off-by: Heiko Schocher >> Cc: Simon Glass >> --- >> common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++- >> 1 file changed, 37 insertions(+), 1 deletion(-) >> >> diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c >> index 3a9edd6..b8468ea 100644 >> --- a/common/cmd_fdt.c >> +++ b/common/cmd_fdt.c >> @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) >> /* >> * Set the value of a property in the working_fdt. >> */ >> - } else if (argv[1][0] == 's') { >> + } else if (strncmp(argv[1], "se", 2) == 0) { >> char *pathp; /* path */ >> char *prop; /* property */ >> int nodeoffset; /* node offset from libfdt */ >> @@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) >> return 1; >> } >> >> +#if defined(CONFIG_FIT_SIGNATURE) >> + } else if (strncmp(argv[1], "si", 2) == 0) { >> + int cfg_noffset; >> + int ret; >> + unsigned long addr; >> + struct fdt_header *blob; >> + >> + if (!working_fdt) >> + return CMD_RET_FAILURE; >> + >> + if (argc> 2) { >> + addr = simple_strtoul(argv[2], NULL, 16); >> + blob = map_sysmem(addr, 0); >> + } else { >> + blob = (struct fdt_header *)gd->fdt_blob; >> + } >> + if (!fdt_valid(&blob)) >> + return 1; >> + >> + gd->fdt_blob = blob; >> + cfg_noffset = fit_conf_get_node(working_fdt, NULL); >> + if (!cfg_noffset) >> + return CMD_RET_FAILURE; > > May need to print an error here, since otherwise it won't be clear > what went wrong. Hmm... fit_conf_get_node() prints a dedicated error message if debug is activated... I thought this is enough ... ? >> + >> + ret = fit_config_verify(working_fdt, cfg_noffset); >> + if (ret == 1) >> + return CMD_RET_SUCCESS; >> + else >> + return CMD_RET_FAILURE; >> +#endif >> + >> /******************************************************************** >> * Get the value of a property in the working_fdt. >> ********************************************************************/ >> @@ -992,6 +1023,11 @@ static char fdt_help_text[] = >> "fdt rsvmem delete - Delete a mem reserves\n" >> "fdt chosen [ ] - Add/update the /chosen branch in the tree\n" >> "/ - initrd start/end addr\n" >> +#if defined(CONFIG_FIT_SIGNATURE) >> + "fdt sign [] - check FIT signature\n" > > How about checksig instead of sign? 'sign' sounds like you are going to sign it. Of course, that sounds better! Change this for v2, thanks! > >> + " - addr of key blob\n" >> + " default gd->fdt_blob\n" >> +#endif >> "NOTE: Dereference aliases by omiting the leading '/', " >> "e.g. fdt print ethernet0."; >> #endif >> -- >> 1.8.3.1 >> > > Regards, > Simon Thanks for the review. bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany